MIT Hit with a Series of DDoS Campaigns

The Massachusetts Institute of Technology (MIT) has been the target of more than 35 DDoS campaigns so far in 2016, aimed at several different targets and using a variety of techniques.

An investigation by Akamai SIRT revealed that close to 43% of the attack vectors used in these campaigns were DDoS reflection and amplification vectors. Attacks originated from a combination of devices vulnerable to reflection abuse and spoofed IP sources.

The largest attack campaign peaked at 295Gbps and consisted solely of a UDP flood attack. Akamai said that this originated with a malware variant known as STD/Kaiten.

Prior to that, the largest attack peaked at 89.35 using a combination of UDP flood, DNS flood and UDP fragment attack vectors—a hallmark of so-called booter or stresser services. During the campaign, attackers targeted a total of three destination IP addresses.

“Unlike Xor, these kinds of attacks are more accessible to a much larger population of malicious actors,” Akamai said in a threat advisory shared with Infosecurity. “The fact is, almost anyone with motivation and enough knowledge to determine the IP of their target can launch these attacks at low cost. A recent look at the pricing of popular sites offering DDoS stresser services shows this can be performed for as little as $19.99 per month.”

The domains abused to amplify attack responses included cpsc.gov and isc.org. The domain owners themselves are not at fault and don't feel the effects of these attacks; attackers simply abuse open resolvers by sending a barrage of spoofed DNS queries in which the source IP is set to the MIT target IP, Akamai explained.
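
At the target, the reflection pattern described above shows up as DNS responses that answer no query the target ever sent. The following Python code is an added example, not taken from Akamai's advisory or the original article: it matches responses to outstanding queries and totals the unsolicited bytes per queried domain. The record layout, IP addresses (documentation ranges), sizes and the `min_bytes` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): DNS messages seen at the
# network edge of the targeted host. Addresses are RFC 5737 documentation ranges.
# Fields: direction, resolver IP, local IP, DNS transaction ID, qname, bytes
SAMPLE = [
    ("out", "198.51.100.53", "192.0.2.10", 0x1A2B, "example.org", 60),
    ("in",  "198.51.100.53", "192.0.2.10", 0x1A2B, "example.org", 120),
    ("in",  "203.0.113.7",   "192.0.2.10", 0x4444, "cpsc.gov",    3900),
    ("in",  "203.0.113.8",   "192.0.2.10", 0x4445, "cpsc.gov",    3900),
    ("in",  "203.0.113.9",   "192.0.2.10", 0x9001, "isc.org",     3300),
    # Duplicate answer to an already-answered query (benign retransmission).
    ("in",  "198.51.100.53", "192.0.2.10", 0x1A2B, "example.org", 120),
]

def find_unsolicited(records):
    """Return {qname: {"bytes": int, "resolvers": set}} for DNS responses
    that do not answer any query the local host actually sent."""
    pending = defaultdict(int)  # (resolver, local, txid, qname) -> open queries
    report = {}
    for direction, resolver, local, txid, qname, size in records:
        name = qname.lower()
        key = (resolver, local, txid, name)
        if direction == "out":
            pending[key] += 1
        elif pending[key] > 0:
            pending[key] -= 1  # a legitimate answer consumes the open query
        else:
            entry = report.setdefault(name, {"bytes": 0, "resolvers": set()})
            entry["bytes"] += size
            entry["resolvers"].add(resolver)
    return report

def abused_domains(records, min_bytes=1000):
    """Domains whose unsolicited response volume exceeds min_bytes,
    largest first. The threshold filters out stray duplicate answers."""
    report = find_unsolicited(records)
    hits = [(name, e["bytes"]) for name, e in report.items() if e["bytes"] >= min_bytes]
    return [name for name, _ in sorted(hits, key=lambda h: h[1], reverse=True)]

if __name__ == "__main__":
    for name in abused_domains(SAMPLE):
        info = find_unsolicited(SAMPLE)[name]
        print(name, info["bytes"], "bytes from", len(info["resolvers"]), "resolvers")
```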

Source: Information Security Magazine